I am in the process of combining both a remote access and site-to-site VPN configuration into one device. Right now I have a "route inside 0 0 x.x.x.x tunneled" statement on each of these. My understanding is that the "tunneled" command will simply di...
I am currently using interface-based ACLs and during my configuration of HSRP I had to allow my secondary router's IP to multicast to the address of 224.0.0.2 and just the same on the secondary one for the IP on the primary router. If I convert to a ...
After a week or so of FirePower being in service I am receiving a notification that the host license limit has been reached (50k). Right now the action is set to overwrite old hosts. My internal network does not exceed 150+ physical devices so I'm und...
When implementing FirePower services on an ASA and managing it with FireSight in an environment with existing ACLs and NAT statements on the ASA, will creating access control policies and NAT statements through FireSight take precedence over the local...
I will be implementing a Sourcefire solution within the next couple of weeks and am familiar with the install process on single devices. However, I will be installing the module on an Active/Standby pair. Will each box or SFR installation require it'...
Looks like my outside interface was included in the discovery rule but not limited to the VPN networks. Made a couple of changes and purged the host information and it looks like I now have a more realistic number of hosts being reported. This should...
That does seem to make more sense to me now since the initial policy map does not define which traffic should be inspected or sent to the module, and that in Cisco documentation it is typically applied to the global service policy.
Perfect, and thanks for the clarification. The documentation does not go too far into how an HA pair is impacted and I don't have a pair of NGFWs or licensing for testing. I'm looking forward to getting more hands-on with it over the next few days.
That would be the case in upgrading the image on the SFR module itself, but in the case of upgrading the FireSight Defense Center would the primary firewall still fail over? And if so wouldn't the standby firewall then see the module failed as well wh...
Thanks, could you also provide insight into the upgrade path and licensing? For example, I will be installing 5.4.0; could I apply a 5.4.1.3 upgrade without incremental upgrades? Does licensing between 5.3 and 5.4 differ? And finally, would simply settin...